[nrf noup] modules: hostap: Support Wi-Fi EAP-TLS mode

Support Wi-Fi enterprise mode with NRF_SECURITY.

Signed-off-by: Ravi Dondaputi <[email protected]>
(cherry picked from commit 371c48b)

Author: rado17

modules/hostap/CMakeLists.txt

@@ -612,15 +612,20 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 )
 endif()
 
-if(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT)
+if(DEFINED ONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT OR
+   DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS)
 zephyr_include_directories(
 	${HOSTAP_BASE}/port/mbedtls
 )
 
 zephyr_library_sources(
 	${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c
-	${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c
 	${HOSTAP_SRC_BASE}/crypto/rc4.c
+	${HOSTAP_SRC_BASE}/crypto/aes-wrap.c
+	${HOSTAP_SRC_BASE}/crypto/aes-unwrap.c
+	${HOSTAP_SRC_BASE}/crypto/aes-internal-dec.c
+	${HOSTAP_SRC_BASE}/crypto/aes-internal.c
+	${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c
 )
 
 zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
@@ -634,8 +639,14 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 	${HOSTAP_SRC_BASE}/crypto/sha1-internal.c
 	${HOSTAP_SRC_BASE}/crypto/fips_prf_internal.c
 	${HOSTAP_SRC_BASE}/crypto/milenage.c
+	${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c
 )
 
+zephyr_library_sources_ifndef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
+  ${HOSTAP_SRC_BASE}/crypto/tls_none.c
+)
+
+
 zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST
 	${HOSTAP_SRC_BASE}/crypto/crypto_module_tests.c
 	${HOSTAP_SRC_BASE}/crypto/fips_prf_internal.c

modules/hostap/Kconfig

@@ -109,8 +109,8 @@ config WIFI_NM_WPA_SUPPLICANT_WEP
 
 choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND
 	prompt "WPA supplicant crypto implementation"
-	default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS
 	default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX
+	default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS
 	help
 	  Select the crypto implementation to use for WPA supplicant.
 	  WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT supports enterprise mode
@@ -211,6 +211,26 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA
 	select MBEDTLS_PKCS5_C
 	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
 
+config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_LEGACY_NCS
+	bool "Legacy Crypto support for WiFi using nRF security"
+	select MBEDTLS
+	select NRF_SECURITY
+	select MBEDTLS_CIPHER_MODE_CBC
+	select MBEDTLS_CIPHER_MODE_CTR
+	select MBEDTLS_LEGACY_CRYPTO_C
+	select MBEDTLS_ENTROPY_C
+	select MBEDTLS_CIPHER
+	select MBEDTLS_ECP_C
+	select MBEDTLS_CTR_DRBG_C
+	select MBEDTLS_PK_WRITE_C
+	select MBEDTLS_HKDF_C
+	select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
+	select MBEDTLS_MD_C
+	select MBEDTLS_MD5_C
+	select MBEDTLS_ENTROPY_C
+	select MBEDTLS_CIPHER_PADDING_PKCS7
+	select MBEDTLS_PKCS5_C
+
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 	bool "No Crypto support for WiFi"
 
@@ -223,7 +243,17 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
 
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 	bool "Enterprise Crypto support for WiFi"
-	select MBEDTLS_PEM_CERTIFICATE_FORMAT
+	select MBEDTLS_ECDH_C
+	select MBEDTLS_ECDSA_C
+	select MBEDTLS_DHM_C
+	select MBEDTLS_SSL_TLS_C
+	select MBEDTLS_SSL_SRV_C
+	select MBEDTLS_SSL_CLI_C
+	select MBEDTLS_X509_LIBRARY
+	select MBEDTLS_TLS_LIBRARY
+	select MBEDTLS_X509_CRL_PARSE_C
+	select MBEDTLS_TLS_VERSION_1_2
+	select MBEDTLS_RSA_C
 	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 
 config EAP_TLS